Bryan Ford's Home Page

MorphIT: Morphing Packet Reports for Internet Transparency	May 4 2019
Atom: Horizontally Scaling Strong Anonymity	Oct 30 2017
Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies	Apr 29 2017
PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication	Oct 24 2016
Privacy-Preserving Lawful Contact Chaining	Oct 24 2016
An Efficient Communication System With Strong Anonymity	Jul 19 2016
AnonRep: Towards Tracking-Resistant Anonymous Reputation	Mar 16 2016
Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities	Mar 16 2016
Let's verify real people, not real names.	Oct 7 2015
Seeking Anonymity in an Internet Panopticon	Oct 1 2015
Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance	Aug 18 2014
Managing NymBoxes for Identity and Tracking Protection	Aug 1 2014
Security Analysis of Accountable Anonymity in Dissent	Aug 1 2014
A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays	Jul 18 2014
From Onions to Shallots: Rewarding Tor Relays with TEARS	Jul 18 2014
Crypto-Book: An Architecture for Privacy Preserving Online Identities	Nov 22 2013
Conscript Your Friends into Larger Anonymity Sets with JavaScript	Nov 4 2013
Hang With Your Buddies to Resist Intersection Attacks	Nov 4 2013
Proactively Accountable Anonymous Messaging in Verdict	Aug 14 2013
Reducing Latency in Tor Circuits with Unordered Delivery	Aug 13 2013
Dissent in Numbers: Making Strong Anonymity Scale	Oct 8 2012
Scavenging for Anonymity with BlogDrop	Jul 9 2012
Faceless: Decentralized Anonymous Group Messaging for Online Social Networks	Apr 10 2012
Scalable Anonymous Group Communication in the Anytrust Model	Apr 10 2012
Dissent: Accountable Anonymous Group Messaging	Oct 4 2010
An Offline Foundation for Online Accountable Pseudonyms	Apr 1 2008

Private Eyes: Secure Remote Biometric Authentication	Jul 20 2015
Strong Theft-Proof Privacy-Preserving Biometric Authentication	May 25 2012

Rationality is Self-Defeating in Permissionless Systems	Sep 23 2019
On the Security of Two-Round Multi-Signatures	May 20 2019
Rethinking General-Purpose Decentralized Computing	May 12 2019
So They're Selling You a Blockchain	Sep 11 2018
OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding	May 22 2018
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds	Aug 18 2017
How Do You Know It's On the Blockchain? With a SkipChain.	Aug 1 2017
Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies	Apr 29 2017
Untangling Mining Incentives in Bitcoin and ByzCoin	Oct 25 2016
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing	Aug 10 2016
Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning	May 23 2016
AnonRep: Towards Tracking-Resistant Anonymous Reputation	Mar 16 2016
Collectively Witnessing Log Servers in CT	Oct 20 2015
A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays	Jul 18 2014

Heading Off Correlated Failures through Independence-as-a-Service	Oct 7 2014
Structural Cloud Audits that Protect Private Information	Nov 8 2013
An Untold Story of Redundant Clouds: Making Your Service Deployment Truly Reliable	Nov 3 2013
Icebergs in the Clouds: the Other Risks of Cloud Computing	Jun 12 2012
Determinating Timing Channels in Compute Clouds	Oct 8 2010

Rationality is Self-Defeating in Permissionless Systems	Sep 23 2019
Untangling Mining Incentives in Bitcoin and ByzCoin	Oct 25 2016
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing	Aug 10 2016

Reducing Metadata Leakage from Encrypted Files and Communication with PURBs	Jul 18 2019
On the Security of Two-Round Multi-Signatures	May 20 2019
MedCo: Enabling Secure and Privacy-Conscious Exploration of Distributed Clinical and Genomic Data	Jul 13 2018
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds	Aug 18 2017
How Do You Know It's On the Blockchain? With a SkipChain.	Aug 1 2017
UnLynx: A Decentralized System for Privacy-Conscious Data Sharing	Jul 19 2017
Scalable Bias-Resistant Distributed Randomness	May 23 2017
Multiple Objectives of Lawful-Surveillance Protocols	Mar 20 2017
PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication	Oct 24 2016
Privacy-Preserving Lawful Contact Chaining	Oct 24 2016
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing	Aug 10 2016
An Efficient Communication System With Strong Anonymity	Jul 19 2016
Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning	May 23 2016
AnonRep: Towards Tracking-Resistant Anonymous Reputation	Mar 16 2016
Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities	Mar 16 2016
Apple, FBI, and Software Transparency	Mar 10 2016
Collectively Witnessing Log Servers in CT	Oct 20 2015
Seeking Anonymity in an Internet Panopticon	Oct 1 2015
Private Eyes: Secure Remote Biometric Authentication	Jul 20 2015
Certificate Cothority: Towards Trustworthy Collective CAs	Jul 2 2015
Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance	Aug 18 2014
Security Analysis of Accountable Anonymity in Dissent	Aug 1 2014
A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays	Jul 18 2014
From Onions to Shallots: Rewarding Tor Relays with TEARS	Jul 18 2014
Crypto-Book: An Architecture for Privacy Preserving Online Identities	Nov 22 2013
Conscript Your Friends into Larger Anonymity Sets with JavaScript	Nov 4 2013
Ensuring High-Quality Randomness in Cryptographic Key Generation	Nov 4 2013
Hang With Your Buddies to Resist Intersection Attacks	Nov 4 2013
Proactively Accountable Anonymous Messaging in Verdict	Aug 14 2013
Dissent in Numbers: Making Strong Anonymity Scale	Oct 8 2012
Scavenging for Anonymity with BlogDrop	Jul 9 2012
Strong Theft-Proof Privacy-Preserving Biometric Authentication	May 25 2012
Scalable Anonymous Group Communication in the Anytrust Model	Apr 10 2012
Eyo: Device-Transparent Personal Storage	Jun 15 2011
Dissent: Accountable Anonymous Group Messaging	Oct 4 2010
Efficient Cross-Layer Negotiation	Oct 22 2009
UIA: A Global Connectivity Architecture for Mobile Personal Devices	Sep 1 2008
Alpaca: Extensible Authorization for Distributed Services	Oct 29 2007
Structured Streams: a New Transport Abstraction	Aug 27 2007
Unmanaged Internet Protocol: Taming the Edge Network Management Crisis	Nov 20 2003

The Remote Voting Minefield: from North Carolina to Switzerland	Feb 22 2019
Technology Governs Us. Will it Govern Us Well?	Jun 23 2017
Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies	Apr 29 2017
Delegative Democracy Revisited	Nov 16 2014
An Offline Foundation for Online Accountable Pseudonyms	Apr 1 2008
Individual Representation	Nov 23 2004
Wiki Democracy	Aug 16 2004
Delegative Voting	Oct 21 2002
Delegative Democracy	May 15 2002

Deterministically Deterring Timing Attacks in Deterland	Oct 4 2015
Lazy Tree Mapping: Generalizing and Scaling Deterministic Parallelism	Jul 29 2013
Plugging Side-Channel Leaks with Timing Information Flow Control	Jun 13 2012
A Virtual Memory Foundation for Scalable Deterministic Parallelism	Jul 11 2011
Deterministic OpenMP for Race-Free Parallelism	May 26 2011
Workspace Consistency: A Programming Model for Shared Memory Parallelism	Mar 6 2011
Determinating Timing Channels in Compute Clouds	Oct 8 2010
Efficient System-Enforced Deterministic Parallelism	Oct 5 2010

PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication	Oct 24 2016
Seeking Anonymity in an Internet Panopticon	Oct 1 2015
Security Analysis of Accountable Anonymity in Dissent	Aug 1 2014
Hang With Your Buddies to Resist Intersection Attacks	Nov 4 2013
Proactively Accountable Anonymous Messaging in Verdict	Aug 14 2013
Dissent in Numbers: Making Strong Anonymity Scale	Oct 8 2012
Scalable Anonymous Group Communication in the Anytrust Model	Apr 10 2012
Dissent: Accountable Anonymous Group Messaging	Oct 4 2010

Rationality is Self-Defeating in Permissionless Systems	Sep 23 2019
Untangling Mining Incentives in Bitcoin and ByzCoin	Oct 25 2016
A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays	Jul 18 2014
From Onions to Shallots: Rewarding Tor Relays with TEARS	Jul 18 2014

CertiKOS: A Certified Kernel for Secure Cloud Computing	Jul 11 2011
Advanced Development of Certified OS Kernels	Jul 15 2010

On Enforcing the Digital Immunity of a Large Humanitarian Organization	May 22 2018
Welcome to the World of Human Rights: Please Make Yourself Uncomfortable	May 23 2013

Rethinking Priorities: Should Identity Systems Divide or Unite People?	Feb 8 2019
Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies	Apr 29 2017
Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning	May 23 2016
AnonRep: Towards Tracking-Resistant Anonymous Reputation	Mar 16 2016
Collectively Witnessing Log Servers in CT	Oct 20 2015
Let's verify real people, not real names.	Oct 7 2015
Private Eyes: Secure Remote Biometric Authentication	Jul 20 2015
Certificate Cothority: Towards Trustworthy Collective CAs	Jul 2 2015
Managing NymBoxes for Identity and Tracking Protection	Aug 1 2014
Strong Theft-Proof Privacy-Preserving Biometric Authentication	May 25 2012
A Dynamic Recursive Unified Internet Design (DRUID)	Dec 24 2010
Efficient Cross-Layer Negotiation	Oct 22 2009
UIA: A Global Connectivity Architecture for Mobile Personal Devices	Sep 1 2008
An Offline Foundation for Online Accountable Pseudonyms	Apr 1 2008
Alpaca: Extensible Authorization for Distributed Services	Oct 29 2007
Persistent Personal Names for Globally Connected Mobile Devices	Nov 6 2006
User-Relative Names for Globally Connected Personal Devices	Feb 27 2006
Unmanaged Internet Protocol: Taming the Edge Network Management Crisis	Nov 20 2003
Scalable Internet Routing on Topology-Independent Node Identities	Oct 31 2003

On Enforcing the Digital Immunity of a Large Humanitarian Organization	May 22 2018
Technology Governs Us. Will it Govern Us Well?	Jun 23 2017
Multiple Objectives of Lawful-Surveillance Protocols	Mar 20 2017
Privacy-Preserving Lawful Contact Chaining	Oct 24 2016
Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance	Aug 18 2014

Managing NymBoxes for Identity and Tracking Protection	Aug 1 2014
Enhancing the OS against Security Threats in System Administration	Dec 3 2012
Fitting Square Pegs Through Round Pipes: Unordered Delivery Wire-Compatible with TCP and TLS	Apr 27 2012
CertiKOS: A Certified Kernel for Secure Cloud Computing	Jul 11 2011
A Dynamic Recursive Unified Internet Design (DRUID)	Dec 24 2010
Minion: an all-terrain packet packhorse to jump-start stalled internet transports	Nov 28 2010
Efficient Cross-Layer Negotiation	Oct 22 2009
Breaking Up the Transport Logjam	Oct 6 2008
UIA: A Global Connectivity Architecture for Mobile Personal Devices	Sep 1 2008
Structured Streams: a New Transport Abstraction	Aug 27 2007
Unmanaged Internet Protocol: Taming the Edge Network Management Crisis	Nov 20 2003
Microkernels Meet Recursive Virtual Machines	Oct 30 1996

Reducing Metadata Leakage from Encrypted Files and Communication with PURBs	Jul 18 2019
Metadata Protection Considerations for TLS Present and Future	Feb 21 2016

Interface and Execution Models in the Fluke Kernel	Feb 24 1999
The Flux OSKit: A Substrate for Kernel and Language Research	Oct 6 1997
The Flux OS Toolkit: Reusable Components for OS Implementation	May 5 1997
CPU Inheritance Scheduling	Oct 30 1996
Microkernels Meet Recursive Virtual Machines	Oct 30 1996
User-level Checkpointing Through Exportable Kernel State	Oct 27 1996
The Persistent Relevance of the Local Operating System to Global Applications	Sep 9 1996
Evolving Mach 3.0 to A Migrating Thread Model	Jan 17 1994
Microkernels Should Support Passive Objects	Dec 9 1993
In-Kernel Servers on Mach 3.0: Implementation and Performance	Apr 19 1993
Notes on Thread Models in Mach 3.0	Apr 1 1993

Rethinking General-Purpose Decentralized Computing	May 12 2019
CertiKOS: A Certified Kernel for Secure Cloud Computing	Jul 11 2011
Minion: an all-terrain packet packhorse to jump-start stalled internet transports	Nov 28 2010
Advanced Development of Certified OS Kernels	Jul 15 2010
Efficient Cross-Layer Negotiation	Oct 22 2009
Interface and Execution Models in the Fluke Kernel	Feb 24 1999
The Flux OSKit: A Substrate for Kernel and Language Research	Oct 6 1997
The Flux OS Toolkit: Reusable Components for OS Implementation	May 5 1997
CPU Inheritance Scheduling	Oct 30 1996
In-Kernel Servers on Mach 3.0: Implementation and Performance	Apr 19 1993

Unintended Consequences of NAT Deployments with Overlapping Address Space	Feb 1 2010
NAT Behavioral Requirements for ICMP	Apr 1 2009
Breaking Up the Transport Logjam	Oct 6 2008
NAT Behavioral Requirements for TCP	Oct 1 2008
State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)	Mar 1 2008
Peer-to-Peer Communication Across Network Address Translators	Apr 10 2005
Application Design Guidelines for Traversal through Network Address Translators	Feb 1 2005
Operating Principles and General Behavioral Requirements for Network Address Translators (BEH-GEN)	Feb 1 2005

MorphIT: Morphing Packet Reports for Internet Transparency	May 4 2019
Atom: Horizontally Scaling Strong Anonymity	Oct 30 2017
PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication	Oct 24 2016
Metadata Protection Considerations for TLS Present and Future	Feb 21 2016
TAQ: Enhancing Fairness and Performance Predictability in Small Packet Regimes	Apr 14 2014
Maple: Simplifying SDN Programming Using Algorithmic Policies	Aug 13 2013
Reducing Latency in Tor Circuits with Unordered Delivery	Aug 13 2013
Non-Linear Compression: Gzip Me Not!	Jun 14 2012
Fitting Square Pegs Through Round Pipes: Unordered Delivery Wire-Compatible with TCP and TLS	Apr 27 2012
Eyo: Device-Transparent Personal Storage	Jun 15 2011
A Dynamic Recursive Unified Internet Design (DRUID)	Dec 24 2010
Minion: an all-terrain packet packhorse to jump-start stalled internet transports	Nov 28 2010
Dissent: Accountable Anonymous Group Messaging	Oct 4 2010
Unintended Consequences of NAT Deployments with Overlapping Address Space	Feb 1 2010
Efficient Cross-Layer Negotiation	Oct 22 2009
NAT Behavioral Requirements for ICMP	Apr 1 2009
Breaking Up the Transport Logjam	Oct 6 2008
NAT Behavioral Requirements for TCP	Oct 1 2008
UIA: A Global Connectivity Architecture for Mobile Personal Devices	Sep 1 2008
State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)	Mar 1 2008
Directions in Internet Transport Evolution	Dec 1 2007
Alpaca: Extensible Authorization for Distributed Services	Oct 29 2007
Structured Streams: a New Transport Abstraction	Aug 27 2007
Persistent Personal Names for Globally Connected Mobile Devices	Nov 6 2006
User-Relative Names for Globally Connected Personal Devices	Feb 27 2006
Peer-to-Peer Communication Across Network Address Translators	Apr 10 2005
Application Design Guidelines for Traversal through Network Address Translators	Feb 1 2005
Operating Principles and General Behavioral Requirements for Network Address Translators (BEH-GEN)	Feb 1 2005
Unmanaged Internet Protocol: Taming the Edge Network Management Crisis	Nov 20 2003
Scalable Internet Routing on Topology-Independent Node Identities	Oct 31 2003

Rethinking General-Purpose Decentralized Computing	May 12 2019
Deterministically Deterring Timing Attacks in Deterland	Oct 4 2015
GPUfs: The Case for Operating System Services on GPUs	Dec 1 2014
Heading Off Correlated Failures through Independence-as-a-Service	Oct 7 2014
Managing NymBoxes for Identity and Tracking Protection	Aug 1 2014
Structural Cloud Audits that Protect Private Information	Nov 8 2013
An Untold Story of Redundant Clouds: Making Your Service Deployment Truly Reliable	Nov 3 2013
Lazy Tree Mapping: Generalizing and Scaling Deterministic Parallelism	Jul 29 2013
GPUfs: Integrating a File System with GPUs	Mar 20 2013
Enhancing the OS against Security Threats in System Administration	Dec 3 2012
Scaling Software-Defined Network Controllers on Multicore Servers	Jul 1 2012
Non-Linear Compression: Gzip Me Not!	Jun 14 2012
Plugging Side-Channel Leaks with Timing Information Flow Control	Jun 13 2012
Icebergs in the Clouds: the Other Risks of Cloud Computing	Jun 12 2012
A Virtual Memory Foundation for Scalable Deterministic Parallelism	Jul 11 2011
CertiKOS: A Certified Kernel for Secure Cloud Computing	Jul 11 2011
Eyo: Device-Transparent Personal Storage	Jun 15 2011
Deterministic OpenMP for Race-Free Parallelism	May 26 2011
Workspace Consistency: A Programming Model for Shared Memory Parallelism	Mar 6 2011
Determinating Timing Channels in Compute Clouds	Oct 8 2010
Efficient System-Enforced Deterministic Parallelism	Oct 5 2010
Advanced Development of Certified OS Kernels	Jul 15 2010
Device Transparency: a New Model for Mobile Storage	Oct 11 2009
Vx32: Lightweight User-level Sandboxing on the x86	Jun 27 2008
Alpaca: Extensible Authorization for Distributed Services	Oct 29 2007
Persistent Personal Names for Globally Connected Mobile Devices	Nov 6 2006
VXA: A Virtual Architecture for Durable Compressed Archives	Dec 16 2005
Cache Directory Tagging Specification	Jul 19 2004
Fx86: Functional Management of Imperative Virtual Machines	Aug 28 2003
Interface and Execution Models in the Fluke Kernel	Feb 24 1999
The Flux OSKit: A Substrate for Kernel and Language Research	Oct 6 1997
Flick: A Flexible, Optimizing IDL Compiler	Jun 15 1997
The Flux OS Toolkit: Reusable Components for OS Implementation	May 5 1997
CPU Inheritance Scheduling	Oct 30 1996
Microkernels Meet Recursive Virtual Machines	Oct 30 1996
User-level Checkpointing Through Exportable Kernel State	Oct 27 1996
The Persistent Relevance of the Local Operating System to Global Applications	Sep 9 1996
Using Annotated Interface Definitions to Optimize RPC	Mar 1 1995
Separating Presentation from Interface in RPC and IDLs	Dec 1 1994
Evolving Mach 3.0 to A Migrating Thread Model	Jan 17 1994
Microkernels Should Support Passive Objects	Dec 9 1993
FLEX: A Tool for Building Efficient and Flexible Systems	Oct 14 1993
In-Kernel Servers on Mach 3.0: Implementation and Performance	Apr 19 1993
Notes on Thread Models in Mach 3.0	Apr 1 1993

Reducing Latency in Tor Circuits with Unordered Delivery	Aug 13 2013
Non-Linear Compression: Gzip Me Not!	Jun 14 2012
Fitting Square Pegs Through Round Pipes: Unordered Delivery Wire-Compatible with TCP and TLS	Apr 27 2012
Structured Streams: a New Transport Abstraction	Aug 27 2007

Deterministically Deterring Timing Attacks in Deterland	Oct 4 2015
Lazy Tree Mapping: Generalizing and Scaling Deterministic Parallelism	Jul 29 2013
A Virtual Memory Foundation for Scalable Deterministic Parallelism	Jul 11 2011
Deterministic OpenMP for Race-Free Parallelism	May 26 2011
Workspace Consistency: A Programming Model for Shared Memory Parallelism	Mar 6 2011
Determinating Timing Channels in Compute Clouds	Oct 8 2010
Efficient System-Enforced Deterministic Parallelism	Oct 5 2010

Parsing Expression Grammars: A Recognition-Based Syntactic Foundation	Jan 14 2004
Packrat Parsing: Simple, Powerful, Lazy, Linear Time	Oct 4 2002
Packrat Parsing: a Practical Linear-Time Algorithm with Backtracking	Sep 3 2002

Eyo: Device-Transparent Personal Storage	Jun 15 2011
Unintended Consequences of NAT Deployments with Overlapping Address Space	Feb 1 2010
Device Transparency: a New Model for Mobile Storage	Oct 11 2009
NAT Behavioral Requirements for ICMP	Apr 1 2009
NAT Behavioral Requirements for TCP	Oct 1 2008
UIA: A Global Connectivity Architecture for Mobile Personal Devices	Sep 1 2008
State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)	Mar 1 2008
Persistent Personal Names for Globally Connected Mobile Devices	Nov 6 2006
User-Relative Names for Globally Connected Personal Devices	Feb 27 2006
Peer-to-Peer Communication Across Network Address Translators	Apr 10 2005
Application Design Guidelines for Traversal through Network Address Translators	Feb 1 2005
Operating Principles and General Behavioral Requirements for Network Address Translators (BEH-GEN)	Feb 1 2005
Service Duality - Vitalizing the Commons	Jul 24 2003

Rethinking Priorities: Should Identity Systems Divide or Unite People?	Feb 8 2019
Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies	Apr 29 2017
Let's verify real people, not real names.	Oct 7 2015
An Offline Foundation for Online Accountable Pseudonyms	Apr 1 2008

Reducing Metadata Leakage from Encrypted Files and Communication with PURBs	Jul 18 2019
MorphIT: Morphing Packet Reports for Internet Transparency	May 4 2019
Rethinking Priorities: Should Identity Systems Divide or Unite People?	Feb 8 2019
So They're Selling You a Blockchain	Sep 11 2018
MedCo: Enabling Secure and Privacy-Conscious Exploration of Distributed Clinical and Genomic Data	Jul 13 2018
On Enforcing the Digital Immunity of a Large Humanitarian Organization	May 22 2018
Atom: Horizontally Scaling Strong Anonymity	Oct 30 2017
UnLynx: A Decentralized System for Privacy-Conscious Data Sharing	Jul 19 2017
Technology Governs Us. Will it Govern Us Well?	Jun 23 2017
Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies	Apr 29 2017
Multiple Objectives of Lawful-Surveillance Protocols	Mar 20 2017
PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication	Oct 24 2016
Privacy-Preserving Lawful Contact Chaining	Oct 24 2016
An Efficient Communication System With Strong Anonymity	Jul 19 2016
AnonRep: Towards Tracking-Resistant Anonymous Reputation	Mar 16 2016
Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities	Mar 16 2016
Metadata Protection Considerations for TLS Present and Future	Feb 21 2016
Let's verify real people, not real names.	Oct 7 2015
Seeking Anonymity in an Internet Panopticon	Oct 1 2015
Private Eyes: Secure Remote Biometric Authentication	Jul 20 2015
Heading Off Correlated Failures through Independence-as-a-Service	Oct 7 2014
Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance	Aug 18 2014
Managing NymBoxes for Identity and Tracking Protection	Aug 1 2014
Security Analysis of Accountable Anonymity in Dissent	Aug 1 2014
A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays	Jul 18 2014
From Onions to Shallots: Rewarding Tor Relays with TEARS	Jul 18 2014
Crypto-Book: An Architecture for Privacy Preserving Online Identities	Nov 22 2013
Structural Cloud Audits that Protect Private Information	Nov 8 2013
Conscript Your Friends into Larger Anonymity Sets with JavaScript	Nov 4 2013
Ensuring High-Quality Randomness in Cryptographic Key Generation	Nov 4 2013
Hang With Your Buddies to Resist Intersection Attacks	Nov 4 2013
An Untold Story of Redundant Clouds: Making Your Service Deployment Truly Reliable	Nov 3 2013
Proactively Accountable Anonymous Messaging in Verdict	Aug 14 2013
Reducing Latency in Tor Circuits with Unordered Delivery	Aug 13 2013
Welcome to the World of Human Rights: Please Make Yourself Uncomfortable	May 23 2013
Dissent in Numbers: Making Strong Anonymity Scale	Oct 8 2012
Scavenging for Anonymity with BlogDrop	Jul 9 2012
Strong Theft-Proof Privacy-Preserving Biometric Authentication	May 25 2012
Faceless: Decentralized Anonymous Group Messaging for Online Social Networks	Apr 10 2012
Scalable Anonymous Group Communication in the Anytrust Model	Apr 10 2012
Dissent: Accountable Anonymous Group Messaging	Oct 4 2010
An Offline Foundation for Online Accountable Pseudonyms	Apr 1 2008

Are Only Type Parameters Generic Enough for Go 2 Generics?	Jul 29 2019
GPUfs: The Case for Operating System Services on GPUs	Dec 1 2014
Maple: Simplifying SDN Programming Using Algorithmic Policies	Aug 13 2013
Lazy Tree Mapping: Generalizing and Scaling Deterministic Parallelism	Jul 29 2013
GPUfs: Integrating a File System with GPUs	Mar 20 2013
Scaling Software-Defined Network Controllers on Multicore Servers	Jul 1 2012
Deterministic OpenMP for Race-Free Parallelism	May 26 2011
Workspace Consistency: A Programming Model for Shared Memory Parallelism	Mar 6 2011
Alpaca: Extensible Authorization for Distributed Services	Oct 29 2007
Parsing Expression Grammars: A Recognition-Based Syntactic Foundation	Jan 14 2004
Packrat Parsing: Simple, Powerful, Lazy, Linear Time	Oct 4 2002
Packrat Parsing: a Practical Linear-Time Algorithm with Backtracking	Sep 3 2002
Flick: A Flexible, Optimizing IDL Compiler	Jun 15 1997
Using Annotated Interface Definitions to Optimize RPC	Mar 1 1995
Separating Presentation from Interface in RPC and IDLs	Dec 1 1994
Microkernels Should Support Passive Objects	Dec 9 1993

OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding	May 22 2018
Scalable Bias-Resistant Distributed Randomness	May 23 2017
Ensuring High-Quality Randomness in Cryptographic Key Generation	Nov 4 2013

Heading Off Correlated Failures through Independence-as-a-Service	Oct 7 2014
Structural Cloud Audits that Protect Private Information	Nov 8 2013
An Untold Story of Redundant Clouds: Making Your Service Deployment Truly Reliable	Nov 3 2013
Icebergs in the Clouds: the Other Risks of Cloud Computing	Jun 12 2012
CertiKOS: A Certified Kernel for Secure Cloud Computing	Jul 11 2011
Advanced Development of Certified OS Kernels	Jul 15 2010

International Scientific Conferences Must Leave the U.S.	Jun 27 2018
Faculty size and growth in the top 20 Computer Science departments	Oct 22 2014

The Remote Voting Minefield: from North Carolina to Switzerland	Feb 22 2019
Rethinking Priorities: Should Identity Systems Divide or Unite People?	Feb 8 2019
Technology Governs Us. Will it Govern Us Well?	Jun 23 2017
Multiple Objectives of Lawful-Surveillance Protocols	Mar 20 2017
Welcome to the World of Human Rights: Please Make Yourself Uncomfortable	May 23 2013

Unintended Consequences of NAT Deployments with Overlapping Address Space	Feb 1 2010
NAT Behavioral Requirements for ICMP	Apr 1 2009
NAT Behavioral Requirements for TCP	Oct 1 2008
State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)	Mar 1 2008
User-Relative Names for Globally Connected Personal Devices	Feb 27 2006
Peer-to-Peer Communication Across Network Address Translators	Apr 10 2005
Application Design Guidelines for Traversal through Network Address Translators	Feb 1 2005
Operating Principles and General Behavioral Requirements for Network Address Translators (BEH-GEN)	Feb 1 2005
Unmanaged Internet Protocol: Taming the Edge Network Management Crisis	Nov 20 2003
Scalable Internet Routing on Topology-Independent Node Identities	Oct 31 2003
Service Duality - Vitalizing the Commons	Jul 24 2003

Rethinking General-Purpose Decentralized Computing	May 12 2019
OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding	May 22 2018
Atom: Horizontally Scaling Strong Anonymity	Oct 30 2017
Scalable Bias-Resistant Distributed Randomness	May 23 2017
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing	Aug 10 2016
Maple: Simplifying SDN Programming Using Algorithmic Policies	Aug 13 2013
Lazy Tree Mapping: Generalizing and Scaling Deterministic Parallelism	Jul 29 2013
Dissent in Numbers: Making Strong Anonymity Scale	Oct 8 2012
Scaling Software-Defined Network Controllers on Multicore Servers	Jul 1 2012
A Virtual Memory Foundation for Scalable Deterministic Parallelism	Jul 11 2011
Scalable Internet Routing on Topology-Independent Node Identities	Oct 31 2003

Interface and Execution Models in the Fluke Kernel	Feb 24 1999
CPU Inheritance Scheduling	Oct 30 1996
Evolving Mach 3.0 to A Migrating Thread Model	Jan 17 1994
Notes on Thread Models in Mach 3.0	Apr 1 1993

Rationality is Self-Defeating in Permissionless Systems	Sep 23 2019
Reducing Metadata Leakage from Encrypted Files and Communication with PURBs	Jul 18 2019
On the Security of Two-Round Multi-Signatures	May 20 2019
The Remote Voting Minefield: from North Carolina to Switzerland	Feb 22 2019
So They're Selling You a Blockchain	Sep 11 2018
MedCo: Enabling Secure and Privacy-Conscious Exploration of Distributed Clinical and Genomic Data	Jul 13 2018
OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding	May 22 2018
On Enforcing the Digital Immunity of a Large Humanitarian Organization	May 22 2018
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds	Aug 18 2017
UnLynx: A Decentralized System for Privacy-Conscious Data Sharing	Jul 19 2017
Scalable Bias-Resistant Distributed Randomness	May 23 2017
Multiple Objectives of Lawful-Surveillance Protocols	Mar 20 2017
Untangling Mining Incentives in Bitcoin and ByzCoin	Oct 25 2016
PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication	Oct 24 2016
Privacy-Preserving Lawful Contact Chaining	Oct 24 2016
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing	Aug 10 2016
An Efficient Communication System With Strong Anonymity	Jul 19 2016
Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning	May 23 2016
AnonRep: Towards Tracking-Resistant Anonymous Reputation	Mar 16 2016
Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities	Mar 16 2016
Apple, FBI, and Software Transparency	Mar 10 2016
Collectively Witnessing Log Servers in CT	Oct 20 2015
Deterministically Deterring Timing Attacks in Deterland	Oct 4 2015
Seeking Anonymity in an Internet Panopticon	Oct 1 2015
Private Eyes: Secure Remote Biometric Authentication	Jul 20 2015
Certificate Cothority: Towards Trustworthy Collective CAs	Jul 2 2015
Heading Off Correlated Failures through Independence-as-a-Service	Oct 7 2014
Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance	Aug 18 2014
Managing NymBoxes for Identity and Tracking Protection	Aug 1 2014
Security Analysis of Accountable Anonymity in Dissent	Aug 1 2014
A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays	Jul 18 2014
From Onions to Shallots: Rewarding Tor Relays with TEARS	Jul 18 2014
Crypto-Book: An Architecture for Privacy Preserving Online Identities	Nov 22 2013
Structural Cloud Audits that Protect Private Information	Nov 8 2013
Conscript Your Friends into Larger Anonymity Sets with JavaScript	Nov 4 2013
Ensuring High-Quality Randomness in Cryptographic Key Generation	Nov 4 2013
Hang With Your Buddies to Resist Intersection Attacks	Nov 4 2013
An Untold Story of Redundant Clouds: Making Your Service Deployment Truly Reliable	Nov 3 2013
Proactively Accountable Anonymous Messaging in Verdict	Aug 14 2013
Reducing Latency in Tor Circuits with Unordered Delivery	Aug 13 2013
Welcome to the World of Human Rights: Please Make Yourself Uncomfortable	May 23 2013
Enhancing the OS against Security Threats in System Administration	Dec 3 2012
Dissent in Numbers: Making Strong Anonymity Scale	Oct 8 2012
Plugging Side-Channel Leaks with Timing Information Flow Control	Jun 13 2012
Icebergs in the Clouds: the Other Risks of Cloud Computing	Jun 12 2012
Strong Theft-Proof Privacy-Preserving Biometric Authentication	May 25 2012
Scalable Anonymous Group Communication in the Anytrust Model	Apr 10 2012
CertiKOS: A Certified Kernel for Secure Cloud Computing	Jul 11 2011
Determinating Timing Channels in Compute Clouds	Oct 8 2010
Efficient System-Enforced Deterministic Parallelism	Oct 5 2010
Advanced Development of Certified OS Kernels	Jul 15 2010
Unintended Consequences of NAT Deployments with Overlapping Address Space	Feb 1 2010
UIA: A Global Connectivity Architecture for Mobile Personal Devices	Sep 1 2008
Vx32: Lightweight User-level Sandboxing on the x86	Jun 27 2008
An Offline Foundation for Online Accountable Pseudonyms	Apr 1 2008
Structured Streams: a New Transport Abstraction	Aug 27 2007
Persistent Personal Names for Globally Connected Mobile Devices	Nov 6 2006
User-Relative Names for Globally Connected Personal Devices	Feb 27 2006
VXA: A Virtual Architecture for Durable Compressed Archives	Dec 16 2005
The Flux OSKit: A Substrate for Kernel and Language Research	Oct 6 1997
The Flux OS Toolkit: Reusable Components for OS Implementation	May 5 1997
Microkernels Meet Recursive Virtual Machines	Oct 30 1996
The Persistent Relevance of the Local Operating System to Global Applications	Sep 9 1996

Deterministically Deterring Timing Attacks in Deterland	Oct 4 2015
Plugging Side-Channel Leaks with Timing Information Flow Control	Jun 13 2012
Determinating Timing Channels in Compute Clouds	Oct 8 2010

AnonRep: Towards Tracking-Resistant Anonymous Reputation	Mar 16 2016
Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities	Mar 16 2016
Crypto-Book: An Architecture for Privacy Preserving Online Identities	Nov 22 2013
Faceless: Decentralized Anonymous Group Messaging for Online Social Networks	Apr 10 2012
UIA: A Global Connectivity Architecture for Mobile Personal Devices	Sep 1 2008
Persistent Personal Names for Globally Connected Mobile Devices	Nov 6 2006

Maple: Simplifying SDN Programming Using Algorithmic Policies	Aug 13 2013
Scaling Software-Defined Network Controllers on Multicore Servers	Jul 1 2012

GPUfs: The Case for Operating System Services on GPUs	Dec 1 2014
GPUfs: Integrating a File System with GPUs	Mar 20 2013
Device Transparency: a New Model for Mobile Storage	Oct 11 2009
VXA: A Virtual Architecture for Durable Compressed Archives	Dec 16 2005
Cache Directory Tagging Specification	Jul 19 2004
Service Duality - Vitalizing the Commons	Jul 24 2003

On Enforcing the Digital Immunity of a Large Humanitarian Organization	May 22 2018
Technology Governs Us. Will it Govern Us Well?	Jun 23 2017
Multiple Objectives of Lawful-Surveillance Protocols	Mar 20 2017
Privacy-Preserving Lawful Contact Chaining	Oct 24 2016
Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance	Aug 18 2014

Sightseeing Around Lausanne

Jun 16 2018

MorphIT: Morphing Packet Reports for Internet Transparency	May 4 2019
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds	Aug 18 2017
How Do You Know It's On the Blockchain? With a SkipChain.	Aug 1 2017
UnLynx: A Decentralized System for Privacy-Conscious Data Sharing	Jul 19 2017
Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning	May 23 2016
Apple, FBI, and Software Transparency	Mar 10 2016
Collectively Witnessing Log Servers in CT	Oct 20 2015
Certificate Cothority: Towards Trustworthy Collective CAs	Jul 2 2015
Device Transparency: a New Model for Mobile Storage	Oct 11 2009

Metadata Protection Considerations for TLS Present and Future	Feb 21 2016
TAQ: Enhancing Fairness and Performance Predictability in Small Packet Regimes	Apr 14 2014
Reducing Latency in Tor Circuits with Unordered Delivery	Aug 13 2013
Non-Linear Compression: Gzip Me Not!	Jun 14 2012
Fitting Square Pegs Through Round Pipes: Unordered Delivery Wire-Compatible with TCP and TLS	Apr 27 2012
Minion: an all-terrain packet packhorse to jump-start stalled internet transports	Nov 28 2010
Efficient Cross-Layer Negotiation	Oct 22 2009
Breaking Up the Transport Logjam	Oct 6 2008
NAT Behavioral Requirements for TCP	Oct 1 2008
State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs)	Mar 1 2008
Directions in Internet Transport Evolution	Dec 1 2007
Structured Streams: a New Transport Abstraction	Aug 27 2007
Peer-to-Peer Communication Across Network Address Translators	Apr 10 2005

MedCo: Enabling Secure and Privacy-Conscious Exploration of Distributed Clinical and Genomic Data	Jul 13 2018
Atom: Horizontally Scaling Strong Anonymity	Oct 30 2017
UnLynx: A Decentralized System for Privacy-Conscious Data Sharing	Jul 19 2017
An Efficient Communication System With Strong Anonymity	Jul 19 2016
Seeking Anonymity in an Internet Panopticon	Oct 1 2015
Security Analysis of Accountable Anonymity in Dissent	Aug 1 2014
Conscript Your Friends into Larger Anonymity Sets with JavaScript	Nov 4 2013
Proactively Accountable Anonymous Messaging in Verdict	Aug 14 2013
Dissent in Numbers: Making Strong Anonymity Scale	Oct 8 2012
Scalable Anonymous Group Communication in the Anytrust Model	Apr 10 2012
Dissent: Accountable Anonymous Group Messaging	Oct 4 2010

Managing NymBoxes for Identity and Tracking Protection	Aug 1 2014
Vx32: Lightweight User-level Sandboxing on the x86	Jun 27 2008
VXA: A Virtual Architecture for Durable Compressed Archives	Dec 16 2005
Fx86: Functional Management of Imperative Virtual Machines	Aug 28 2003
Microkernels Meet Recursive Virtual Machines	Oct 30 1996
User-level Checkpointing Through Exportable Kernel State	Oct 27 1996
The Persistent Relevance of the Local Operating System to Global Applications	Sep 9 1996

The Remote Voting Minefield: from North Carolina to Switzerland	Feb 22 2019
Delegative Democracy Revisited	Nov 16 2014
Individual Representation	Nov 23 2004
Wiki Democracy	Aug 16 2004
Delegative Voting	Oct 21 2002
Delegative Democracy	May 15 2002

Writings by Topic

MorphIT: Morphing Packet Reports for Internet Transparency

Atom: Horizontally Scaling Strong Anonymity

Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies

PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication

Privacy-Preserving Lawful Contact Chaining

An Efficient Communication System With Strong Anonymity

AnonRep: Towards Tracking-Resistant Anonymous Reputation

Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities

Let's verify real people, not real names.

Seeking Anonymity in an Internet Panopticon

Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance

Managing NymBoxes for Identity and Tracking Protection

Security Analysis of Accountable Anonymity in Dissent

A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays

From Onions to Shallots: Rewarding Tor Relays with TEARS

Crypto-Book: An Architecture for Privacy Preserving Online Identities

Conscript Your Friends into Larger Anonymity Sets with JavaScript

Hang With Your Buddies to Resist Intersection Attacks

Proactively Accountable Anonymous Messaging in Verdict

Reducing Latency in Tor Circuits with Unordered Delivery

Dissent in Numbers: Making Strong Anonymity Scale

Scavenging for Anonymity with BlogDrop

Faceless: Decentralized Anonymous Group Messaging for Online Social Networks

Scalable Anonymous Group Communication in the Anytrust Model

Dissent: Accountable Anonymous Group Messaging

An Offline Foundation for Online Accountable Pseudonyms

Private Eyes: Secure Remote Biometric Authentication

Strong Theft-Proof Privacy-Preserving Biometric Authentication

Rationality is Self-Defeating in Permissionless Systems

On the Security of Two-Round Multi-Signatures

Rethinking General-Purpose Decentralized Computing

So They're Selling You a Blockchain

OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds

How Do You Know It's On the Blockchain? With a SkipChain.

Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies

Untangling Mining Incentives in Bitcoin and ByzCoin

Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing

Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning

AnonRep: Towards Tracking-Resistant Anonymous Reputation

Collectively Witnessing Log Servers in CT

A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays

Heading Off Correlated Failures through Independence-as-a-Service

Structural Cloud Audits that Protect Private Information

An Untold Story of Redundant Clouds: Making Your Service Deployment Truly Reliable

Icebergs in the Clouds: the Other Risks of Cloud Computing

Determinating Timing Channels in Compute Clouds

Rationality is Self-Defeating in Permissionless Systems

Untangling Mining Incentives in Bitcoin and ByzCoin

Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing

Reducing Metadata Leakage from Encrypted Files and Communication with PURBs

On the Security of Two-Round Multi-Signatures

MedCo: Enabling Secure and Privacy-Conscious Exploration of Distributed Clinical and Genomic Data

CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds

How Do You Know It's On the Blockchain? With a SkipChain.

UnLynx: A Decentralized System for Privacy-Conscious Data Sharing

Scalable Bias-Resistant Distributed Randomness

Multiple Objectives of Lawful-Surveillance Protocols

PriFi: A Low-Latency and Tracking-Resistant Protocol for Local-Area Anonymous Communication

Privacy-Preserving Lawful Contact Chaining

Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing

An Efficient Communication System With Strong Anonymity

Keeping Authorities “Honest or Bust” with Decentralized Witness Cosigning

AnonRep: Towards Tracking-Resistant Anonymous Reputation

Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities

Apple, FBI, and Software Transparency

Collectively Witnessing Log Servers in CT

Seeking Anonymity in an Internet Panopticon

Private Eyes: Secure Remote Biometric Authentication

Certificate Cothority: Towards Trustworthy Collective CAs

Catching Bandits and Only Bandits: Privacy-Preserving Intersection Warrants for Lawful Surveillance

Security Analysis of Accountable Anonymity in Dissent

A TorPath to TorCoin: Proof-of-Bandwidth Altcoins for Compensating Relays

From Onions to Shallots: Rewarding Tor Relays with TEARS

Crypto-Book: An Architecture for Privacy Preserving Online Identities

Conscript Your Friends into Larger Anonymity Sets with JavaScript

Ensuring High-Quality Randomness in Cryptographic Key Generation

Hang With Your Buddies to Resist Intersection Attacks

Proactively Accountable Anonymous Messaging in Verdict